<?php
include("../sesiune.php");
$numeProd = $_POST['numeProd'];
$detalii = $_POST['detalii'];
$pret = $_POST['pret'];
$cat_id = $_POST['cat_id'];
$upload = $_POST['upload'];
echo 'Produs'.' '.$numeProd.'<br/>', 'Detalii'.' '.$detalii.'<br/>', 'Pret'.' '.$pret.'<br/>';

$target_path = "uploads/";
$target_path = $target_path.( $_FILES['upload']['name']); 

echo "Upload: " . $_FILES["upload"]["name"] . "<br />";
echo "Type: " . $_FILES["upload"]["type"] . "<br />";
echo "Size: " . ($_FILES["upload"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $target_path . "<br />";
	if (! $_FILES["upload"]["tmp_name"])
		{
		exit;
		}
	else 
		{
		$contentType = $_FILES['upload']['type'];
		$contentName = $_FILES['upload']['name'];
		$uploadSize = $_FILES["upload"]["size"];
		$username = $_SESSION["username"];
		$tmpName = $_FILES["upload"]["tmp_name"];		
		move_uploaded_file ( $_FILES["upload"]["tmp_name"], "../../uploads/".$_FILES["upload"]["name"]);
		$query = "INSERT INTO produse SET numeProd = '".escInjection($numeProd)."', detalii = '".escInjection($detalii)."', pret = '".escInjection($pret)."', upload = '"."../../uploads/".$_FILES["upload"]["name"]."', username = '".escInjection($username)."', uploadSize = '".escInjection($uploadSize)."', contentType = '".escInjection($contentType)."', contentName = '".escInjection($contentName)."', cat_id = '".escInjection($cat_id)."'";
		$insertProd = mysql_query($query,getConnection()) or die (mysql_error());
		
		}
?>
<html>
<body>
<a href = "add.php"><input type = "button" value = "Back"/></a>
</body>
</html>


